Deployment Architecture

Can deployment servers handle mirroring so changes on my main deployment server can replicate to gateway servers to push to secure domains?

cdoebert
Path Finder

For compliance reasons, we need to have gateway servers set up at the edges of our secure domains that can forward Splunk traffic into one main domain.

Putting an intermediate forwarder on the gateway is fine for traffic, but I would also like for the gateway server to be able to handle configurations, since the servers on the secure domain are unable to talk to my deployment server sitting in the main domain.

Can deployment servers handle mirroring, wherein I can make a change on my main deployment server and it replicates those changes to all my gateways, who can then push out those changes to all the servers on the secure domains? If not natively, what would be the best way to handle this scenario?

0 Karma

Masa
Splunk Employee
Splunk Employee

Splunk used to support Multi-tenant Deployment Server (Main Deployment Server to multiple sub-Deployment Server as repositories). But, the feature is not supported any more.
Splunk Deployment Server/Client requires tcp session establishing from DC to DS. Can you set firewall at the gateway to accept such communication? If not, you might need to put DS to each secure domains.

0 Karma

cdoebert
Path Finder

We have a DS in each secure domain, which I'm fine with, but it would be nice to not have to make modifications to an app in each of my domains. My ideal scenario is having a "main" DS that replicates its changes to the "sub" DS in each domain, who can then push out to the DC's in their domain.

The reason I'm attacking this angle is that otherwise, I would need to have all of my DC's in those secure domains contact my main DS in the general domain, and managing those firewall rules and all the security compliance therein would turn into my entire job.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...